Directive only for certain alias

Maxim Dounin mdounin at mdounin.ru
Wed Aug 31 13:03:21 UTC 2011


Hello!

On Wed, Aug 31, 2011 at 08:43:53AM -0400, cicovy wrote:

> Hi guys!
> I've been using nginx for a while and I'm very pleased with it's
> performance. However, I didn't manage to setup one thing, maybe someone
> has an idea...
> 
> Before using nginx, I used apache and I had a configuration similar to
> the next one for certain alias, which I want to force client SSL
> requirement and for other areas of the site I didn't need that. I've
> posted the example of apache configuration below. Is there anything
> similar for this in nginx? I need to have "ssl_verify_client optional;"
> in certain aliases and "ssl_verify_client on;" in 2 of my aliases.

No way, ssl_verify_client may only be configured at server{} level 
in nginx (as nginx neither use nor allow renegotiation of SSL/TLS 
connections).

Please also note that such setups (regardless of the specific 
server software used) do require renegotiation.  Secure one is 
only available in products less than 2 years old, see [1].

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

Maxim Dounin



More information about the nginx mailing list